10 characters minimum
15 or more is recommended
According to AR 25-2, Section IV, paragraph 4-12 b:
The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards.
BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A:
(1) All system or system-level passwords and privileged-level accounts (e.g., root, enable, admin, administration accounts, etc.) will be a minimum of 15-character case-sensitive password changed every 60 days (IAW JTF-GNO CTO).
(2) All user-level, user-generated passwords (e.g., email, web, desktop computer, etc.) will change to a 14-character (or greater) case-sensitive password changed every 60 days.
From these two documents it would appear that the 10 character minimum is an outdated recommendation.
From this it would appear that the frequently repeated "8 character minimum" is outdated. Note that the only conditions where an 8 character password is allowed is:
(8) The use of eight character passwords are authorized when:
(I) The password generated is a purely random-generated authenticator from the complete alpha/numeric and special character sets and no user-configured passwords can replace, be generated, or accepted in lieu of the generated password. (For example: Credentialing system issues randomly generated authenticator AND enforce use of that authenticator to network resources.)
Or:
(II) Access to private applications is conducted over an approved 128-bit encrypted session between systems, and the application does not enforce local user access credentialing to a local network resources. (For example: User accesses local LAN connected system through traditional access procedures then accesses a web portal application over an SSL connection; the web portal password may be 8 characters.)
--- from 04-IA-O-0001, paragraph 5A
According to AR 25-2, Section IV, paragraph 4-12 b:
The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards.
BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A:
(1) All system or system-level passwords and privileged-level accounts (e.g., root, enable, admin, administration accounts, etc.) will be a minimum of 15-character case-sensitive password changed every 60 days (IAW JTF-GNO CTO).
(2) All user-level, user-generated passwords (e.g., email, web, desktop computer, etc.) will change to a 14-character (or greater) case-sensitive password changed every 60 days.
From this it would appear that the frequently repeated "8 character minimum" is outdated. Note that the only conditions where an 8 character password is allowed is:
(8) The use of eight character passwords are authorized when:
(I) The password generated is a purely random-generated authenticator from the complete alpha/numeric and special character sets and no user-configured passwords can replace, be generated, or accepted in lieu of the generated password. (For example: Credentialing system issues randomly generated authenticator AND enforce use of that authenticator to network resources.)
Or:
(II) Access to private applications is conducted over an approved 128-bit encrypted session between systems, and the application does not enforce local user access credentialing to a local network resources. (For example: User accesses local LAN connected system through traditional access procedures then accesses a web portal application over an SSL connection; the web portal password may be 8 characters.)
--- from 04-IA-O-0001, paragraph 5A
According to AR 25-2, Section IV, paragraph 4-12 b:
The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards.
BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A:
(1) All system or system-level passwords and privileged-level accounts (e.g., root, enable, admin, administration accounts, etc.) will be a minimum of 15-character case-sensitive password changed every 60 days (IAW JTF-GNO CTO).
(2) All user-level, user-generated passwords (e.g., email, web, desktop computer, etc.) will change to a 14-character (or greater) case-sensitive password changed every 60 days.
From this it would appear that the frequently repeated "8 character minimum" is outdated.
According to AR 25-2, Section IV, paragraph 4-12 b:
The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards.
BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A:
(1) All system or system-level passwords and privileged-level accounts (e.g., root, enable, admin, administration accounts, etc.) will be a minimum of 15-character case-sensitive password changed every 60 days (IAW JTF-GNO CTO).
(2) All user-level, user-generated passwords (e.g., email, web, desktop computer, etc.) will change to a 14-character (or greater) case-sensitive password changed every 60 days.
.
.
.
(6) The password will be a mix of uppercase letters, lowercase letters, numbers, and special characters with a minimum of characters as follows:
a. Contains at least 2 uppercase characters: A, B, C etc.
b. Contains at least 2 lowercase characters: a, b, c, etc.
c. Contains at least 2 numbers: 1,2,3,4,5,6,7,8,9,0
d. Contains at least 2 special characters, i.e. ! @ # $ % ^ & * ( ) _ + | ~ - = \ ` { } [ ] : " ; ' < > ? , . /
(7) Passwords will not have the following characteristics:
a. Is a word found in any dictionary, thesaurus, or list (English or foreign)
b. Is any common usage word or reference such as:
(I) Names of family, pets, friends, co-workers, fantasy characters, etc.
(II) Computer terms and names, commands, sites, companies, hardware, software.
(III) Common words such as; "sanjose", "sanfran" or other derivative.
(IV) Birthdays, addresses, phone numbers, or other personal information.
(V) Word or number patterns like; aaabbb, qwerty, mypassword, abcde12345.
(VI) Any of the above spelled backwards.
(VII) Any of the above preceded or followed by a digit (e.g., secret1, 1secret).
(VIII) Social security numbers (SSNs).
(IX) USERID
(X) Military slang, acronyms, or descriptors or call signs.
(XI) System identification.
(8) The use of eight character passwords are authorized when:
(I) The password generated is a purely random-generated authenticator from the complete alpha/numeric and special character sets and no user-configured passwords can replace, be generated, or accepted in lieu of the generated password. (For example: Credentialing system issues randomly generated authenticator AND enforce use of that authenticator to network resources.)
Or:
(II) Access to private applications is conducted over an approved 128-bit encrypted session between systems, and the application does not enforce local user access credentialing to a local network resources. (For example: User accesses local LAN connected system through traditional access procedures then accesses a web portal application over an SSL connection; the web portal password may be 8 characters.)
So under normal circumstances, the minimum password length for privileged accounts must be 15 characters long and normal limited privilege user accounts must be 14 characters long. In both cases, the password complexity must comply with paragraphs (6) and (7) above.
AR 25-2 does not actually specify password length but the Army password requirements (from BBP 04-IA-O-0001 which AR 25-2 specifies should be followed) are:
Minimum 15 characters.
Length = 252/18 = 14 feet
1 yard = 36 inches 7 yards = 252 inches. They are the same length.
Using Pythagoras' theorem: 252-152 = 400 and the square root of this is 20 units in length.
The Tiber is 252 miles or 405km in length.
252 metres( 826.8 ft) in length and 26 metre width
252 square ft. Since the room is rectangular, you find the area by multiplying the length and the width, in this case being 18 and 14. 18x14=252 so the area, which is always in square units, is 252 square feet.
Doesn't seem likely, does it? A diagonal 50 times the length of the sides? Diagonal = sqrt(252 + 252), ie sqrt 1250(!) which is 35.36 to the nearest hundredth.
12 ft
Multiply width by length to get the area. The answer would be 252 square feet.
There are 36 inches to a yard. 36 × 11 = 396 inches Therefore 11 yards is longer than 252 inches.
It is 42 inches.
252 square feet. This is an easy calculation - just multiply the length by the width. The answer is the number of square feet.